Malware Bytes and that stupid anti-rootkit DDA driver error

[a nameless entity]

I don't like the latest version of Malware Bytes Free too much. I liked the choice of a fast scan or a thorough scan on the older version better. But once again just doing a normal update a few months ago got me the new version of the free program.

Now I cannot scan for rootkits. To be honest I cannot recall now whether or not I could scan for them with the old version or not either. But with this new version if I go to the detections panel and enable scanning for rootkits (why isn't it turned on by default?) the moment I try to do a scan this little window opens up that says:

Malwarebytes was unable to load the Anti-Rootkit DDA Driver, this error may be caused by rootkit activity. Do you want to reboot the system and attempt to install the Driver?

(If you don't choose to reboot, Anti-Rootkit scanning will be disabled for this session).

Yes/No

Needless to say, the DDA Driver never ends up loaded and I don't get to scan for rootkits.

Now I'm 99 44/100% sure I do not have any root kits. I've scanned and scanned this PC and done scans after rebooting to safe mode with networking with all my anti malware programs and found nothing.

I did some homework on this problem a while back, and it seems it's been around for a few years. There were lots of posts at the Malwarebytes help forums dating back upwards of 5 years where users cannot scan for rootkits either. The solutions offered involved a lot of "rigmarole" or as I would put it, "farting around" by the user in order to solve the issue. Sometimes the solutions worked, often they did not.

So, does the older version of the program work better? Does it allow scanning for rootkits? Or should I just be happy with Malwarebytes as it is, and hope that Microsoft Security Essentials will be good enough?

I have even downloaded the "Microsoft Support Emergency Response Tool" and run that to be safe(r).

But I would really like to know if an easier fix for this problem ever comes about. Malwarebytes Free has such a good reputation and I'd like to use it to its full potential.

[EvilGrins]

I am also not that fond of it, but you can scan for rootkits.

1) Select 'Scans' from the top menu, near the middle
2) Choose the 'Custom Scan'.
3) On type of scans on the left, click 'rootkits'

Think of me fondly come XMAS.

[Hermskii]

Good job EG.

Nameless, make sure you are not in safe mode. make sure you are a system admin as well before you start the scan.

[a nameless entity]

Thanks EG, but the same sad little window appears asking the same dreary question.

This computer boots up with me as the default user. I am the only user besides 'admin' and I have full admin rights and capabilities. At least, that was the way I set things up on day one of ownership. Hopefully I did it correctly. It's been 11.5 years, and you only see that stuff once when the Dell starts up for the first time.

Herm, I spoke of scanning in safe mode with networking because of the advice you gave EG a while back about unblocking his PC. I thought perhaps that was a way to prevent malware from hiding or protecting itself when you start up a malware scan. So I used it a couple of times when I wanted to do a scan for the extra protection I thought I was applying.

I just tried logging off and logging back on again because I thought I'd be offered a choice between myself and "administrator". I thought if I did that I could try again and see if I could scan for root kits.
I only had a choice of the only user there is on this PC, myself. I have seen a screen where there is a choice of administrator or myself, but the only time I have seen it is after booting into safe mode, and then rebooting the PC. I guess I could try that next. I guess I will. 5 will get you 10 it still fails.

Edit: Pffft, yeah okay, what I was remembering was that you get a choice of admin or a user when you boot into safe mode. While in safe mode with networking I tried to follow EG's advice, but still got the same stupid little window telling me it can't be done.
And rebooting into normal windows just goes to the default user of myself. If there's a way to get a choice between admin and myself I don't know or cannot remember wtf it is.

It's late at night as usual when I seem to end up looking at and trying to solve bs like this and I'm sick to death of that. Enough is enough. Screw it.

[Hermskii]

Answer?

http://www.wikihow.com/Login-to-Windows ... inistrator

[EvilGrins]

Ah... I may've just skimmed your initial post and missed that driver issue.

How often do you update your MalwareBytes? I do it nightly, just before I goto bed. Sometimes run the scan for while I'm sleeping. Which I only mention as before it changed to it's new look i also got an error window... but a couple updates/days later it was gone.

Since running into this problem, have you done new updates?

[a nameless entity]

Thanks Herm. I am indeed an admin. Hooray.

Yes EG, I update every time I open the program. If I run it in the morning I check for an update first thing. Then if I run it in the evening again, I check for another update because the program is updated a few to several times a day.

I don't remember if the old version even let you choose whether to scan for rootkits or not. But now that it is supposedly available in this new version I would like to do so.
But I get that damned error window every time, even if I reboot before scanning.

One good thing about the reboot is that you seem to get a boot time scan, which means that malware should not be able to hide or defeat the program from finding it. However I have no idea if on that occaision it bothers to look for rootkits. I should watch more carefully I suppose.

Ah well what can you expect for free, huh?

Are there any other good free Windows XP compatible programs out there that check for rootkits?

[Hermskii]

Here is my current magic formula and all of these are XP friendly too:

Install and run these programs to completion in this order:

RKILL: http://www.bleepingcomputer.com/download/rkill/dl/10/ ( Run with default settings )

ZbotKiller: http://support.kaspersky.com/us/viruses/utility ( Run with default settings )

TDSSKiller: http://support.kaspersky.com/us/viruses/utility ( Run with default settings )

RogueKiller: http://www.adlice.com/softwares/roguekiller/ ( Run with default settings )

CCleaner: http://www.piriform.com/ccleaner/download/standard ( Run with default settings but don't run this if you are missing icons from your desktop or control panel. Run the Cleaner first. Then click the Registry button on the left under the Cleaner button and run it too.)

Malwarebytes: https://www.malwarebytes.org/mwb-download/ ( Uninstall old versions first and then install this new one and update it. Default settings are usually good enough. )

[Dr.Flay]

Here are a few options
http://free.antivirus.com/us/rootkit-buster/index.html
http://www.majorgeeks.com/mg/sortname/r ... moval.html
http://freeware.wikia.com/wiki/Lists_of ... ntirootkit